View full version: [-- [Question] yk sama, come take a look: what virus is this? --]


拉菲尔 2009-07-28 11:50

It keeps showing up on my USB drive, and I can't delete it.

shili123 2009-07-28 12:44
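If I remember correctly, this thing is one of the autorun family of viruses.
Download USBcleaner and it will kill it instantly.

Speaking of which, a lot of people know nothing about USB drive viruses... Back when I was managing the multimedia equipment at school, there were never any other viruses, only USB viruses... so I came to hate USB viruses to the bone and learned every kind of defense against them.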

david_lu_st 2009-07-28 14:03
Using XPLORER, I've never been infected by an autorun USB drive virus.

knktc 2009-07-28 19:09
A very strange thing...
I'll keep looking into it...

knktc 2009-07-28 19:12
A weird autorun.inf file; I don't know what it is. I have no advanced tools to use, so I don't know how to analyze it...
File u.zip received on 2009.07.28 11:21:19 (UTC)

Antivirus | Version | Last update | Result
a-squared | 4.5.0.24 | 2009.07.28 | Net-Worm.Win32.Kido!IK
AhnLab-V3 | 5.0.0.2 | 2009.07.28 | Win32/Conficker.worm.165025
AntiVir | 7.9.0.228 | 2009.07.28 | TR/Crypt.ZPACK.Gen
Antiy-AVL | 2.0.3.7 | 2009.07.28 | Worm/Win32.Kido.gen
Authentium | 5.1.2.4 | 2009.07.27 | W32/Conficker!Generic
Avast | 4.8.1335.0 | 2009.07.27 | Win32:Confi
AVG | 8.5.0.387 | 2009.07.28 | I-Worm/Generic.COL
BitDefender | 7.2 | 2009.07.28 | Worm.Generic.63560
CAT-QuickHeal | 10.00 | 2009.07.28 | Worm.Conficker.b
ClamAV | 0.94.1 | 2009.07.28 | Worm.Kido-34
Comodo | 1793 | 2009.07.28 | NetWorm.Win32.Kido.~A
DrWeb | 5.0.0.12182 | 2009.07.28 | Win32.HLLW.Shadow.based
eSafe | 7.0.17.0 | 2009.07.27 | -
eTrust-Vet | 31.6.6643 | 2009.07.28 | Win32/Conficker
F-Prot | 4.4.4.56 | 2009.07.27 | W32/Conficker!Generic
F-Secure | 8.0.14470.0 | 2009.07.28 | Worm:W32/Downadup.gen!A
Fortinet | 3.120.0.0 | 2009.07.28 | W32/Conficker.B!worm
GData | 19 | 2009.07.28 | Worm.Generic.63560
Ikarus | T3.1.1.64.0 | 2009.07.28 | Net-Worm.Win32.Kido
Jiangmin | 11.0.800 | 2009.07.28 | I-Worm/Kido.c
K7AntiVirus | 7.10.803 | 2009.07.27 | Net-Worm.Win32.Downadup.eo
Kaspersky | 7.0.0.125 | 2009.07.28 | Net-Worm.Win32.Kido.ih
McAfee | 5690 | 2009.07.27 | W32/Conficker.worm.gen.a
McAfee+Artemis | 5690 | 2009.07.27 | W32/Conficker.worm.gen.a
McAfee-GW-Edition | 6.8.5 | 2009.07.28 | Trojan.Crypt.ZPACK.Gen
Microsoft | 1.4903 | 2009.07.28 | Worm:Win32/Conficker.C
NOD32 | 4284 | 2009.07.28 | a variant of Win32/Conficker.AA
Norman | 6.01.09 | 2009.07.28 | W32/Conficker.CR
nProtect | 2009.1.8.0 | 2009.07.28 | -
Panda | 10.0.0.14 | 2009.07.27 | W32/Conficker.C.worm
PCTools | 4.4.2.0 | 2009.07.27 | Net-Worm.Kido.l
Prevx | 3.0 | 2009.07.28 | High Risk Worm
Rising | 21.40.12.00 | 2009.07.28 | Worm.Win32.Undef.dc
Sophos | 4.44.0 | 2009.07.28 | Mal/Conficker-A
Sunbelt | 3.2.1858.2 | 2009.07.28 | Bulk Trojan
Symantec | 1.4.4.12 | 2009.07.28 | W32.Downadup.B
TheHacker | 6.3.4.3.375 | 2009.07.28 | W32/Conficker.gen
TrendMicro | 8.950.0.1094 | 2009.07.28 | WORM_DOWNAD.AD
VBA32 | 3.12.10.9 | 2009.07.28 | Worm.Win32.kido.110
ViRobot | 2009.7.28.1857 | 2009.07.28 | Worm.Win32.Conficker.165025
VirusBuster | 4.6.5.0 | 2009.07.27 | Worm.Kido.KL

Additional information
File size: 183845 bytes
MD5...: 57c993ddae47217a951b8454c65fa569
SHA1..: 828e2b52309de6704e4b6958903d297ec155e680
SHA256: 6dbe029c187cd99b09c45baeaf227af0a212bfda771fd5efbf073b1f0a93009f
ssdeep: 3072:KhlixHKXOzaKf/gDOg+A2O8Ziv9oraLk2mbGZjZ+vcqSrlY9IHjFqXu/Gw01F:KqqvaYDOd/Av91nmbGFMvcdBhHjMz
PEiD..: -
TrID..: File type identification
  ZIP compressed archive (99.8%)
  Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
  -
packers (F-Prot): Unicode
packers (Antiy-AVL): CrypToCrackPeProtector0.93
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=C08CB322A11A7B22846302B3E6FCD9005C30027A

永恒の翼 2009-07-28 23:34
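It's that Conficker worm from the net, the one that spreads through flash drives...

It's just that the idiots in China blew it out of proportion a bit.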

YZB 2009-07-29 09:45
yk sama rarely comes to the chit-chat board.

shili123 2009-07-29 11:34
Quote
Quoting post #4 by knktc, posted 2009-07-28 19:12:
A weird autorun.inf file; I don't know what it is. I have no advanced tools to use, so I don't know how to analyze it...



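I think you're already ridiculously hardcore...

If it's just about dealing with this thing, isn't USBcleaner enough? Analysis? When it comes to analysis, I'm just a bystander...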

拉菲尔 2009-07-29 12:02
I cleaned it with uclean, but after unplugging the USB drive and plugging it back in, it still shows up.

shili123 2009-07-29 12:59
Clean it while the USB drive is plugged in, then do a full-disk clean. That's what I did.

装神 2009-07-30 17:37
If you can't delete it, disable it. Disabling it at the system level works very well.

knktc 2009-07-30 17:54
Plug it into Ubuntu and see what looks wrong.

拉菲尔 2009-07-30 18:35
It seems it can't be unmounted automatically; you need to use the command line.

yksoft1 2009-08-02 22:17
OP, you'd better take the simple, quick route: back up your data, run a full-disk virus scan, and reinstall the system.

拉菲尔 2009-08-04 12:46
Is this virus really that nasty?



